linear approximations
Recently Published Documents

Total documents: 274 (five years: 48)
H-index: 23 (five years: 2)

Author(s): Kaisa Nyberg

The goal of this work is to propose a related-key model for linear cryptanalysis. We start by giving the mean and variance of the difference of sampled correlations of two Boolean functions when using the same sample of inputs to compute both correlations. This result is further extended to determine the mean and variance of the difference of correlations of a pair of Boolean functions taken over a random data sample of fixed size and over a random pair of Boolean functions. We use the properties of the multinomial distribution to achieve these results without independence assumptions. Using multivariate normal approximation of the multinomial distribution we obtain that the distribution of the difference of related-key correlations is approximately normal. This result is then applied to existing related-key cryptanalyses. We obtain more accurate right-key and wrong-key distributions and remove artificial assumptions about independence of sampled correlations. We extend this study to using multiple linear approximations and propose a χ²-type statistic, which is proven to be χ² distributed if the linear approximations are independent. We further examine this statistic for multidimensional linear approximation and discuss why removing the assumption about independence of linear approximations does not work in the related-key setting the same way as in the single-key setting.


Author(s): Sergei Igonin, Vadim Kolesov, Sotiris Konstantinou-Rizos, Margarita Mikhailovna Preobrazhenskaia

Abstract: We study tetrahedron maps, which are set-theoretical solutions to the Zamolodchikov tetrahedron equation, and Yang–Baxter maps, which are set-theoretical solutions to the quantum Yang–Baxter equation. In particular, we clarify the structure of the nonlinear algebraic relations which define linear (parametric) tetrahedron maps (with nonlinear dependence on parameters), and we present several transformations which allow one to obtain new such maps from known ones. Furthermore, we prove that the differential of a (nonlinear) tetrahedron map on a manifold is a tetrahedron map as well. Similar results on the differentials of Yang–Baxter and entwining Yang–Baxter maps are also presented. Using the obtained general results, we construct new examples of (parametric) Yang–Baxter and tetrahedron maps. The considered examples include maps associated with integrable systems and matrix groups. In particular, we obtain a parametric family of new linear tetrahedron maps, which are linear approximations for the nonlinear tetrahedron map constructed by Dimakis and Müller-Hoissen [9] in a study of soliton solutions of vector Kadomtsev–Petviashvili (KP) equations. Also, we present invariants for this nonlinear tetrahedron map.


2021, Vol 6, pp. 261
Author(s): Maurice Hendrix, Michael Clerx, Asif U Tamuri, Sarah M Keating, Ross H Johnstone, ...

Hundreds of different mathematical models have been proposed for describing electrophysiology of various cell types. These models are quite complex (nonlinear systems of typically tens of ODEs and sometimes hundreds of parameters) and software packages such as the Cancer, Heart and Soft Tissue Environment (Chaste) C++ library have been designed to run simulations with these models in isolation or coupled to form a tissue simulation. The complexity of many of these models makes sharing and translating them to new simulation environments difficult. CellML is an XML format that offers a solution to this problem and has been widely adopted. This paper specifically describes the capabilities of chaste_codegen, a Python-based CellML to C++ converter based on the new cellmlmanip Python library for reading and manipulating CellML models. While chaste_codegen is a Python 3 redevelopment of a previous Python 2 tool (called PyCML), it has some additional new features that this paper describes. Most notably, chaste_codegen has the ability to generate analytic Jacobians without the use of proprietary software, and also to find singularities occurring in equations and automatically generate and apply linear approximations to prevent numerical problems at these points.


Cybersecurity, 2021, Vol 4 (1)
Author(s): Wenqin Cao, Wentao Zhang

Abstract: For block ciphers, Bogdanov et al. found that there are some linear approximations satisfying that their biases are deterministically invariant under key difference. This property is called key difference invariant bias. Based on this property, Bogdanov et al. proposed a related-key statistical distinguisher and turned it into key-recovery attacks on LBlock and TWINE-128. In this paper, we propose a new related-key model by combining multidimensional linear cryptanalysis with key difference invariant bias. The main theoretical advantage is that our new model does not depend on statistical independence of linear approximations. We demonstrate our cryptanalysis technique by performing key recovery attacks on LBlock and TWINE-128, using the relations of the involved round keys to reduce the number of guessed subkey bits. Moreover, the partial-compression technique is used to reduce the time complexity. We can recover the master key of LBlock up to 25 rounds with about 2^60.4 distinct known plaintexts, 2^78.85 time complexity and 2^61 bytes of memory requirements. Our attack can recover the master key of TWINE-128 up to 28 rounds with about 2^61.5 distinct known plaintexts, 2^126.15 time complexity and 2^61 bytes of memory requirements. The results are the currently best ones on cryptanalysis of LBlock and TWINE-128.


Author(s): Juan Carlos Parra-Alvarez, Hamza Polattimur, Olaf Posch

Author(s): Xinxin Gong, Bin Zhang

In this paper, we study and compare the byte-wise and bitwise linear approximations of SNOW 2.0 and SNOW 3G, and present a fast correlation attack on SNOW 3G by using our newly found bitwise linear approximations. On one side, we reconsider the relation between the large-unit linear approximation and the smaller-unit/bitwise ones derived from the large-unit one, showing that approximations on large-unit alphabets have advantages over all the smaller-unit/bitwise ones in linear attacks. But then on the other side, by comparing the byte-wise and bitwise linear approximations of SNOW 2.0 and SNOW 3G respectively, we have found many concrete examples of 8-bit linear approximations whose certain 1-dimensional/bitwise linear approximations have almost the same SEI (Squared Euclidean Imbalance) as that of the original 8-bit ones. That is, each of these byte-wise linear approximations is dominated by a single bitwise approximation, and thus the whole SEI is not essentially larger than the SEI of the dominating single bitwise approximation. Since correlation attacks can be more efficiently implemented using bitwise approximations rather than large-unit approximations, improvements over the large-unit linear approximation attacks are possible for SNOW 2.0 and SNOW 3G. For SNOW 3G, we make a careful search of the bitwise masks for the linear approximations of the FSM and obtain many mask tuples which yield high correlations. By using these bitwise linear approximations, we mount a fast correlation attack to recover the initial state of the LFSR with the time/memory/data/pre-computation complexities all upper bounded by 2^174.16, improving slightly the previous best one which used an 8-bit (vectorized) linear approximation in a correlation attack with all the complexities upper bounded by 2^176.56. Though not a significant improvement, our research results illustrate that we have an opportunity to achieve improvement over the large-unit attacks by using bitwise linear approximations in a linear approximation attack, and provide a new insight on the relation between large-unit and bitwise linear approximations.


Author(s): Xinxin Gong, Bin Zhang

SNOW-V is a new member in the SNOW family of stream ciphers, hoping to be competitive in the 5G mobile communication system. In this paper, we study the resistance of SNOW-V against bitwise fast correlation attacks by constructing bitwise linear approximations. First, we propose and summarize some efficient algorithms using the slice-like techniques to compute the bitwise linear approximations of certain types of composition functions composed of basic operations like ⊞, ⊕, Permutation, and S-box, which have been widely used in word-oriented stream ciphers such as SNOW-like ciphers. Then, using these algorithms, we find a number of stronger linear approximations for the FSM of the two variants of SNOW-V given in the design document, i.e., SNOW-V_σ0 and SNOW-V_{⊞8,⊞8}. For SNOW-V_σ0, where there is no byte-wise permutation, we find some bitwise linear approximations of the FSM with the SEI (Squared Euclidean Imbalance) around 2^-37.34 and mount a bitwise fast correlation attack with the time complexity 2^251.93 and memory complexity 2^244, given 2^103.83 keystream outputs, which improves greatly the results in the design document. For SNOW-V_{⊞8,⊞8}, where both of the two 32-bit adders in the FSM are replaced by 8-bit adders, we find our best bitwise linear approximations of the FSM with the SEI 2^-174.14, while the best byte-wise linear approximation in the design document of SNOW-V has the SEI 2^-214.80. Finally, we study the security of a closer variant of SNOW-V, denoted by SNOW-V_{⊞32,⊞8}, where only the 32-bit adder used for updating the first register is replaced by the 8-bit adder, while everything else remains identical. For SNOW-V_{⊞32,⊞8}, we derive many mask tuples yielding the bitwise linear approximations of the FSM with the SEI larger than 2^-184. Using these linear approximations, we mount a fast correlation attack with the time complexity 2^377.01 and a memory complexity 2^363, given 2^253.73 keystream outputs. Note that neither of our attacks threatens the security of SNOW-V. We hope our research could further help in understanding bitwise linear approximation attacks and also the structure of SNOW-like stream ciphers.


Author(s): Joanofarc Xavier, S.K. Patnayak, Rames Panda

Abstract: Several industrial chemical processes exhibit severe nonlinearity. This paper addresses the computational and nonlinear issues occurring in many typical industrial problems in aspects of its stability, strength of nonlinearity and input-output dynamics. In this article, initially, a prospective investigation is conducted on various nonlinear processes through phase portrait analysis to understand their stability status at different initial conditions about the vicinity of the operating point of the process. To estimate the degree of nonlinearity, for input perturbations from its nominal value, a novel nonlinear measure is put forward, that anticipates on the converging area between the nonlinear and their linearized responses. The nonlinearity strength is fixed between 0 and 1 to classify processes to be mild, medium or highly nonlinear. The most suitable operating point, for which the system remains asymptotically stable, is clearly identified from the phase portrait. The metric can be contemplated as a promising tool to measure the nonlinearity of industrial case studies at different linear approximations. Numerical simulations are executed in Matlab to compute , which conveys that the nonlinear dynamics of each industrial example is very sensitive to input perturbations at different linear approximations. In addition to the identified metric, nonlinear lemmas are framed to select appropriate control schemes for the processes based on its numerical value of nonlinearity.

